Mustang Panda uses cloud service for stealth C2
🛡️ A China-aligned espionage group, Mustang Panda, has run two campaigns targeting Indian government and hydropower-related networks, using new malware and abusing Zoho WorkDrive as a covert command-and-control channel. Acronis Threat Research Unit found active compromises affecting senior administrative systems, worked with CERT-In for remediation, and detailed three tools: SHARDLOADER, MINIRECON, and ZOHOMURK. The intrusions leveraged DLL sideloading via signed binaries and spear-phishing lures themed to hydropower and bilateral memoranda, with beaconing recorded from June 12–22, 2026.
